<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div class="elementToProof" style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);">
Thanks Heikki.</div>
<div class="elementToProof" style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);">
I managed to run Radiator-4.17 on the new host for the backend EAP auth part and there is no difference in behaviour.</div>
<div class="elementToProof" style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);">
I also upgraded the samba pkg to 4.19.8 in the hope that that fixed something in ntlm_auth but no change there either.</div>
<div class="elementToProof" style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);">
I went back to my original tests.</div>
<div class="elementToProof" style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);">
mschap-test -c succeeds</div>
<div class="elementToProof" style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);">
Eapol_test using a non-realm identity="username" succeeds</div>
<div class="elementToProof" style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);">
Eapol_test using realm identity="username@strath.ac.uk" fails NT_STATUS_WRONG_PASSWORD</div>
<div class="elementToProof" style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);">
Running ntlm_auth manually feeding as input what was captured from the requests going via Radiator also succeeds and fails in the same way. Username and NT-Domain are identical and correct (base64 encoded) in each case, all that is different is LANMAN-Challenge
and NT-Response.</div>
<div class="elementToProof" style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);">
For info, the OS upgrade was from FreeBSD10.3 to 13.3.</div>
<div class="elementToProof" style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);">
Any more suggestions?</div>
<div class="elementToProof" style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);">
Jethro.</div>
<div class="elementToProof" style="font-family: "Segoe UI", "Segoe UI Web (West European)", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="Signature">
<p><span style="font-family: "Segoe UI", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);">. . . . . . . . . . . . . . . . . . . . . . . . . </span></p>
<p><span style="font-family: "Segoe UI", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);">J</span><span style="font-family: "segoe ui", "helvetica neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0); background-color: rgba(0, 0, 0, 0);">ethro
R Binks, Network Manager, </span></p>
<p><span style="font-family: "segoe ui", "helvetica neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0); background-color: rgba(0, 0, 0, 0);">Information Services Directorate, University Of Strathclyde, Glasgow, UK</span></p>
<p><span style="font-family: "Segoe UI", "Helvetica Neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0);"><br>
</span></p>
<p><span style="font-family: "segoe ui", "helvetica neue", sans-serif; font-size: 10pt; color: rgb(0, 0, 0); background-color: rgba(0, 0, 0, 0);">The University of Strathclyde is a charitable body, registered in Scotland, number SC015263.</span></p>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> radiator <radiator-bounces@lists.open.com.au> on behalf of Heikki Vatiainen via radiator <radiator@lists.open.com.au><br>
<b>Sent:</b> 16 September 2024 2:46 PM<br>
<b>To:</b> radiator@lists.open.com.au <radiator@lists.open.com.au><br>
<b>Subject:</b> Re: [RADIATOR] Problems with ntlm_auth for EAP inner auth after upgrade</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">On 13.9.2024 0.29, Jethro Binks via radiator wrote:<br>
<br>
> > You did mention that the OS that runs Radiator is also a new one. <br>
> Could it be that the samba config is different enough to cause the <br>
> change in behaviour?<br>
> <br>
> Mildly, as the samba version was also greater so some adjustments were <br>
> made (upgrading samba always throws in changes). But the above tests <br>
> are all against the same running samba on the new server. They key <br>
> setting maybe "ntlm auth = mschapv2-and-ntlmv2-only" which was unstated <br>
> (removing it doesn't seem to make a different to the results).<br>
<br>
Do you think you could try the current Radiator version on the old <br>
server? That would help to learn if we could reduce the number of <br>
changed components in the whole system.<br>
<br>
Or as an alternative, try the older Radiator version on the new system.<br>
<br>
Thanks,<br>
Heikki<br>
<br>
<br>
-- <br>
Heikki Vatiainen<br>
Radiator Software, makers of Radiator<br>
Visit radiatorsoftware.com for Radiator AAA server software<br>
<br>
<br>
_______________________________________________<br>
radiator mailing list<br>
radiator@lists.open.com.au<br>
<a href="https://lists.open.com.au/mailman/listinfo/radiator">https://lists.open.com.au/mailman/listinfo/radiator</a></div>
</span></font></div>
</body>
</html>